Display detailed FortiSandbox analysis and downloadable PDF report

In the Top FortiSandbox Files FortiView monitor, users can select a submitted file and drill down to view its static and dynamic file analysis. The full FortiSandbox report can be downloaded in PDF format. This feature works with FortiGate Cloud Sandbox, FortiSandbox Cloud, and the FortiSandbox appliance. FortiSandbox must be running version 3.2.1 or later.

Prerequisites:
  1. Add FortiSandbox to the Security Fabric (see Sandboxing in the FortiOS Administration Guide).
  2. Configure an AV profile with Send files to FortiSandbox for inspection enabled (see Using FortiSandbox with antivirus in the FortiOS Administration Guide).
  3. Configure a firewall policy with the AV profile that allows traffic to the internet.
  4. Add the Top FortiSandbox Files FortiView monitor (see Adding FortiView monitors in the FortiOS Administration Guide).
  5. On a client PC, attempt to download a suspicious file.

To view the FortiSandbox analysis and download the PDF:
  1. Go to Dashboard > Top FortiSandbox Files. The entry appears in the table, but the analysis is not available yet.

  2. After about five to ten minutes, refresh the table. The analysis is available.

  3. Select the entry, then right-click and select Drill Down to Details.
  4. In the dropdown, select Static File Analysis to view the static file analysis.

  5. In the dropdown, select the client device to view the dynamic file analysis.

  6. Click Download full report to download the detailed PDF report. The report contains FortiSandbox job information, detailed file information, static analysis results, and dynamic analysis results.

Starting in FortiOS 7.2.4, PDF reports are downloaded on-demand and only 10 are kept in memory by default. PDFs are deleted from memory after 24 hours.

To change the maximum number of PDFs kept in memory:
# diagnose test analytics-pdf-report max <integer>

The range is 1 - 10, and the default is 10. After the FortiGate is restarted, this value will revert to the default.
